SU Q/CSO Qualified/Cyber Security Officer

If you're pursuing your Q/CSO Qualified/ Cyber Security Officer Certification class, you'll need to study hard. This class is a comprehensive review of executive levels of information security & industry best practices merged with a comprehensive exam preparation for the Q/CISO exam. Bringing together all the components required for a C-Level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program.

This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.

Who should attend: CIOs with responsibility for Contingency Planning, Network Administrators, Information Security Architects, Auditors, Consultants, and all others seeking to plan, implement, and/or manage a cyber risk program.

It used to be that a cyberattack was a CISO’s worst nightmare, and a sure-fire sign that a pink slip would follow. In 2020, it’s a fact that every company has been hacked (or will be). Major corporations globally, with the help of law enforcement and private sector cyber defenders, have come to the realization that it’s not the CISO’s fault, and ousting one will only open up another can of worms — namely recruiting a replacement in a highly competitive market that is suffering through a severe workforce shortage. Instead, CISOs are being heralded for their ability to plan for the worst, and to react calmly, legally, methodically, and swiftly, in response to cyber intrusions.

Discussions: CISO Compensation Strategies for recruiting and retaining security leaders

Discussions Compensation -“Money, of course, is something that every CISO wants to hear about,” says King, a serial connector in the cybersecurity space, and a board member for several non-profit organizations related to our field.
Some Fortune 500 and Global 2000 corporations are giving their information security head honchos — oftentimes those with military backgrounds — seven-figure pay packages. One company paid a $3.89 million annual salary to fill its CISO position. The Los Angeles Times reports that big companies are paying big bucks to its top cyber fighters. Another company paid a $650,000 salary to fill its CISO role in 2012, and last year they bumped the pay up to $2.5 million for a new recruit in the same position.
In 2016, annual CISO compensation in the largest U.S. cities was topping out at between $380,000 and $420,000. Cybersecurity Ventures has observed a gradual uptick of those figures, and we expect to see an increase in the number of organizations that will move the needle to the $500,000 to $1 million range over the next five years.

Discussion ROI:  -If a $1 billion company suffers a breach resulting in a $700 million post-hack market valuation, then how much less is their CISO worth? What about a CISO who prevents such cyber catastrophes from happening in the first place — how much more is she or he worth? These are the types of questions that C-suite executives and HR chiefs are well-advised to be answering for themselves. Over the next several years we’ll be seeing more large organizations dishing out 7-figure pay packages to “A-players” who get A-results. Now even boardroom executives and shareholders are concerned with the possibility of a cyber intrusion that can lead to a plummeting stock price.

Discussion -where are you in the Org Chart -Cybersecurity Ventures forecasts that 100 percent of large corporations (Fortune 500, Global 2000) globally will have a CISO or equivalent position by the end of 2021 (up from 70 percent in 2018), although many of them will be unfilled due to a lack of experienced candidates. “We may see the CISO position mandated,” If that comes to pass, then the big concern is placing unqualified candidates into the positions. Every big company wants the best CISO, but there’s not enough of even the mediocre players to go around. There’s also the issue of who should be taking attendance of the CISOs. There is no clear-cut place for security leaders on the org chart. Who they report to varies by company and it can be the chief compliance officer, the chief information officer (CIO), or the chief legal officer. While the idea of elevating the CISO role to new heights and rebranding them as chief risk officers or chief resilience officers (CROs) who report directly to the CEO is a nice one, the market doesn’t seem ready for it.

Discussion Military Experience -“A lot of large enterprise CISOs come from the (U.S.) military. They have a longer track record of protecting data, or the new oil,” says King, referring to a statement from IBM’s former chairman and CEO Ginni Rometty: “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true — even inevitable — then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.” 

A recent study by Cybersecurity Ventures calculated 13 percent of Fortune 500 CISOs served in the U.S. military. Altogether, 66 alumni of the United States Armed Forces currently serve as CISOs for the largest companies in the U.S.
If data becomes so important that it’s the lifeblood of an organization, then companies will spare no expense in hiring the best person for the CISO job. Cybersecurity Ventures expects this will lead to an uptick in the number of security professionals with military backgrounds being placed as Fortune 500 and Global 2000 CISOs.

King notes that military personnel with substantial cybersecurity experience will see a 2X to as much as 5X bump in pay when they switch over to the private sector. But, it’s not about the money for these women and men. “It’s about the mission of protecting companies related to national security — there’s a passion that never leaves them — it’s in their blood,” he says.

Discussion Turnover is rampant when it comes to chief information security officers at the largest companies in the U.S.
The average tenure for CISOs has been estimated at 18 to 26 months by various sources. By comparison, The average tenure for a CIO at the top 1,000 U.S. companies is 54 months, according to Korn Ferry. What explains the CISO merry-go-round at large enterprises? “The demand is so high and the job is so darn tough,”. “The stress level is off the roof because a CISO can be right 99 out of 100 times, and a cybercriminal only has to be right once.” And when the cybercriminal is right, it can be front-page news. Being in the news is not good for a CISO’s career, or resume. At least not if they’re captaining the ship when their organization suffers a high profile cyberattack or data breach. If you’re a security leader who gets the budget, invests it, and still has the same persistent threats, then it’s going to be a very stressful job. “When they (CISOs) quit for no apparent reason, it’s usually personal,”

Recruiting -It’s predicted that there will be 3.5 million unfilled cybersecurity jobs by 2027 —And the talent supply is so thin that deputy CISOs are being lured away by headhunters in order to fill the number one positions. CISOs also have their own teams to recruit and retain, which is perhaps their most difficult challenge of all. Whether you think CISOs are underappreciated or overpaid, the times are a-changin’, and it’s a good time to be one.